[Bug 317181] [NEW] [CVE-2009-0050] - Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function
Launchpad Bug Tracker
317181 at bugs.launchpad.net
Wed Jan 14 22:13:13 GMT 2009
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Jamie Strandboge (jdstrand):
Lasso 2.2.1 and earlier does not properly check the return value from
the OpenSSL DSA_verify function, which allows remote attackers to bypass
validation of the certificate chain via a malformed SSL/TLS signature, a
similar vulnerability to CVE-2008-5077.
** Affects: lasso (Ubuntu)
Importance: Undecided
Assignee: Stefan Lesicnik (stefanlsd)
Status: Confirmed
** Affects: lasso (Ubuntu Dapper)
Importance: Undecided
Status: Confirmed
** Affects: lasso (Ubuntu Gutsy)
Importance: Undecided
Status: Confirmed
** Affects: lasso (Ubuntu Hardy)
Importance: Undecided
Status: Confirmed
** Affects: lasso (Ubuntu Intrepid)
Importance: Undecided
Status: Confirmed
** Affects: lasso (Ubuntu Jaunty)
Importance: Undecided
Assignee: Stefan Lesicnik (stefanlsd)
Status: Confirmed
--
[CVE-2009-0050] - Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function
https://bugs.launchpad.net/bugs/317181
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list